github.com/pachyderm/pachyderm@v1.13.4/doc/docs/1.9.x/deploy-manage/deploy/amazon_web_services/aws_cloudfront.md

# Deploy a Pachyderm Cluster with CloudFront

After you have an EKS cluster or a Kubernetes cluster deployed with `kops` ready, you can integrate it with Amazon CloudFront™.

Amazon CloudFront is a content delivery network (CDN) that streams data to your website, service, or application securely and with great performance. Pachyderm recommends that you set up Pachyderm with CloudFront for all production deployments.

To deploy a Pachyderm cluster with CloudFront, complete the following steps:

1. [Create a CloudFront Distribution](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/GettingStarted.html#GettingStartedCreateDistribution)
1. [Deploy Pachyderm with an IAM role](aws-deploy-pachyderm.md)
1. [Apply the CloudFront Key Pair](#apply-the-cloudfront-key-pair)

## Apply the CloudFront Key Pair

If you need to create signed URLs and signed cookies for the data that goes to Pachyderm, you need to configure your AWS account to use a valid CloudFront key pair. Only a root AWS account can generate these secure credentials. Therefore, you might need to ask your IT department to create them for you.

For more information, see the [Amazon documentation](http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html#private-content-creating-cloudfront-key-pairs).

The CloudFront key pair includes the following attributes:

- The private and public key. For this deployment, you only need the private key.
- The key pair ID. Typically, the key pair ID is recorded in the filename.

**Example:**

```
rsa-APKAXXXXXXXXXXXXXXXX.pem
pk-APKAXXXXXXXXXXXXXXXX.pem
```

The key-pair ID is `APKAXXXXXXXXXXXXXXXX`. The other file is the private key, which looks similar to the following text:

!!! example
    ```shell
    $ cat pk-APKAXXXXXXXXXXXX.pem
    -----BEGIN RSA PRIVATE KEY-----
    ...
    ```

To apply this key pair to your CloudFront distribution, complete the following steps:

1. Download the `secure-cloudfront.sh` script from the Pachyderm repository:

    ```shell
    $ curl -o secure-cloudfront.sh https://raw.githubusercontent.com/pachyderm/pachyderm/master/etc/deploy/cloudfront/secure-cloudfront.sh
    ```

1. Make the script executable:

    ```shell
    $ chmod +x secure-cloudfront.sh
    ```

1. From the `deploy.log` file, obtain the S3 bucket name for your deployment and the CloudFront distribution ID.

1. Apply the key pair to your CloudFront distribution:

    ```shell
    $ ./secure-cloudfront.sh --region us-west-2 --zone us-west-2c --bucket YYYY-pachyderm-store --cloudfront-distribution-id E1BEBVLIDYTLEV --cloudfront-keypair-id APKAXXXXXXXXXXXX --cloudfront-private-key-file ~/Downloads/pk-APKAXXXXXXXXXXXX.pem
    ```

1. Restart the `pachd` pod for the changes to take effect:

    ```shell
    $ kubectl scale --replicas=0 deployment/pachd && kubectl scale --replicas=1 deployment/pachd && kubectl get pod
    ```

1. Verify the setup by checking the `pachd` logs and confirming that Kubernetes uses the CloudFront credentials:

    ```shell
    $ kubectl get pod
    NAME                     READY     STATUS    RESTARTS   AGE
    etcd-0                   1/1       Running   0          19h
    etcd-1                   1/1       Running   0          19h
    etcd-2                   1/1       Running   0          19h
    pachd-2796595787-9x0qf   1/1       Running   0          16h

    $ kubectl logs pachd-2796595787-9x0qf | grep cloudfront
    2017-06-09T22:56:27Z INFO  AWS deployed with cloudfront distribution at d3j9kenawdv8p0
    2017-06-09T22:56:27Z INFO  Using cloudfront security credentials - keypair ID (APKAXXXXXXXXX) - to sign cloudfront URLs
    ```
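
The following pre-flight check is an added example, not part of the Pachyderm documentation or of `secure-cloudfront.sh`. Run before applying the key pair, it confirms that the ID passed to `--cloudfront-keypair-id` matches the ID in the `pk-<ID>.pem` filename, that the file starts with the private-key PEM header shown above, and that only its owner can access it. The function names and the owner-only permission requirement are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for a CloudFront private key file.
# Function names are hypothetical; they are not part of secure-cloudfront.sh.

# Print the key pair ID encoded in a pk-<ID>.pem filename.
keypair_id_from_file() {
    base=$(basename "$1")
    case "$base" in
        pk-*.pem) ;;
        *) echo "$base: expected a pk-<ID>.pem private key file" >&2; return 1 ;;
    esac
    id=${base#pk-}
    id=${id%.pem}
    case "$id" in
        ""|*[!A-Z0-9]*) echo "$base: malformed key pair ID" >&2; return 1 ;;
    esac
    printf '%s\n' "$id"
}

# Fail unless the file starts with the RSA private-key PEM header and
# grants no access to group or other users.
check_private_key() {
    [ -r "$1" ] || { echo "$1: not readable" >&2; return 1; }
    [ "$(head -n 1 "$1")" = "-----BEGIN RSA PRIVATE KEY-----" ] ||
        { echo "$1: missing RSA private key header" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ldL "$1" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "$1: accessible beyond its owner; run chmod 600" >&2; return 1; }
}

# Usage: preflight_keypair <private-key-file> <keypair-id>
preflight_keypair() {
    file_id=$(keypair_id_from_file "$1") || return 1
    [ "$file_id" = "$2" ] ||
        { echo "ID $2 does not match filename ID $file_id" >&2; return 1; }
    check_private_key "$1"
}

# Run the checks when called as: ./preflight.sh <private-key-file> <keypair-id>
if [ "$#" -eq 2 ]; then
    preflight_keypair "$1" "$2" && echo "key pair file looks usable"
fi
```

A mismatch between the filename ID and the ID on the command line would otherwise only surface later, when signed URLs fail to validate.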